
New-Genx IoT-Offense 'Psycho-Social Cyber Fraud' - the GTH technique

Updated: May 25, 2024

CHAPTER 01: New-Genx Crime 'Psycho-Social Cyber Fraud' - the GTH technique

Hacking into customers' thoughts by con artists to scheme out hard-earned money
The digital dream of India is coming to fruition. The amount of digital transactions in the nation has multiplied in recent years, propelling it to the top of the world rankings for real-time payments. Banking customers must be well educated on proper digital conduct, and banks and other financial organizations have a crucial role in spreading this information to the general public.
In this series of Chapter-Articles on "AI-based technological frauds in banking transactions," the author, Ekata Deb, shall try to decipher a few pointers:
  1. Cyber Crime Cons & Fraudsters' New SOCIAL ENGINEERING SCRIPTED TACTICS - GTH technique

  2. Can an OTP-based banking transaction be considered 100% safe?

  3. Can't phishing happen within the microseconds-long time gap in which a recipient gets an OTP? What may happen if the customer's mobile phone is itself somehow compromised?

  4. What can we conclude from the objective of AI-based Banking Transactions or digitization of the banking system? Are they affirming that they are designed for the ease of the customers?

  5. Retention of the details where frauds are detected due to technological error/infringement as to the Limitations at par Sec 7 of IT Act, 2000 for conviction beyond all reasonable doubts.

  6. Understanding the Limitations and Gap-Analysis of Bankers' Books Evidence Act, 1891, i.c.w Information Technology Act, 2000 r/w Indian Evidence Act, 1872.


Conclusive Opinions of the Author Ekata Deb:
In today's world, whatever active technologies work or choose to exist at the Surface & Deep level of Internet Access Medium, the entirety of the technological frauds or errors in banking transactions is happening at the Dark Level - the onion shell of the Internet Medium. This compels us to believe that every cyber crime happening at a hyper-scale level at any given time is UNKNOWN to both the SYSTEM and the STATUTE.
Here, the prima facie understanding of the gap analysis between the statutes is that mere records of banking transactions and a Certificate of Authority of services, inclusive of transaction details from banks, are not sufficient when dealing with technological frauds and errors in banking offences and transactions, respectively.
The in-between Statute is silent on a substantial definition of the types of banking offenses, i.e. the modus operandi in itself, the impact of the mens rea in the accomplishment of the banking offenses, the procedural measures to be taken during investigation of the crime, the time bar limitations to be expedited from taking up cognizance to report of the crime, trial, and retention of data to pursue a conviction beyond all reasonable doubt. In addition to this, remedies need to be sought for providing adequate and faster relief to the victims of such frauds, as the Doctrine of caveat emptor may not be wholly exempted at consumer courts or criminal courts in the current legal structure.
Nobody could have predicted this, both in terms of the invention and the availability of so many inventive, effective, secure payment options. The adoption of digital payments in India is driven by a perception of security and a pervasive IT-driven Socio-Economical Structure.

Let's Talk about

TWO-FACTOR AUTHENTICATION "OTP BASED TRANSACTION"

One-time password (OTP) systems provide a way to access a network or service using a unique password that, as the name implies, can only be used once. The full form of OTP is one-time password. The least secure and most often used authentication mechanism is the static password.



It is a common notion for both the System & the Statute that, due to two-factor authentication, it is tough for fraudsters to steal money from clients' bank accounts in India. However, despite two-factor authentication, people are still victims of online fraud. This is because fraudsters increasingly use social engineering tactics to get customers' sensitive financial information.
They are utilizing scripts which in a way stimulate the reward center of the brain, i.e. the nucleus accumbens. The nucleus accumbens is a region of the ventral striatum that is connected to intricate circuits, including the amygdala and the hippocampus, which are significantly linked to motivation and reward. When the nucleus accumbens is active, the amount of dopamine in this area goes up. The specially crafted, socially engineered scripts of the cyber crime fraudsters are based on the Greed, Threat, and Help ("GTH") approach to entice customers into disclosing passwords, PINs, OTPs, and other secret information. Since they can't change how the System works, fraudsters are basically trying to "hack" the minds of consumers.
Basically, it's not just Cyber Crime but a "Psycho-Social Cyber Crime".

Society as a whole, especially in developing countries like India, where the "below poverty line" supersedes the "corruption statistics," needs to first mitigate the threats of Cyber Crime. This may be achieved by first understanding the Foreplay factor - the mens rea of these con stars and fraudsters, which is very much the need of the hour. Also, educating society on this GTH script of Psycho-Social Cyber Crime holds supreme importance in the current scenario.
Fraudsters have developed new techniques for stealing clients' second-factor authentication information. Clients are being asked to click through to bogus (lookalike) websites and enter their information there, which fraudsters then exploit to conduct unlawful transactions and scam customers. On the other hand, customers continue to think that they did not divulge the secret code or information.


FEW OFTEN USED MODUS-OPERANDI BY CYBER CRIME CON STARS

Their modus operandi in the commission of Cyber Crime includes, but is not limited to, phishing links, vishing calls, frauds using online sales platforms, frauds due to the use of unknown/unverified mobile apps, ATM card skimming, frauds using screen sharing apps/remote desktop access, SIM swap/SIM cloning, frauds by compromising credentials through a compromised search engine, scams through QR code scans, impersonation on social media, juice jacking, lottery frauds, online job frauds, money mules, and the list simply goes on and on.

So, how does this Psycho-Social Cyber Offense - GTH work in the minds of the victims?

A revolution in financial fraud is being brought about by the transition of banking to digital channels. This was once the domain of small-time thieves aiming to steal relatively tiny quantities of money. However, today's digital banking fraud is a significant worldwide sector where highly skilled criminal gangs regularly work with dishonest bank employees to steal enormous amounts of money. As a result, banks now have more responsibilities and obligations to pay for the damage their clients suffer because of fraud.

Post-COVID-19, there has been an enormous amount of technological advancement and an excess of accessible everyday devices on IoT-based platforms. For instance, hackers are fully aware of the intricacies of the code when there are numerous open-source code bases, such as Magento React. Gadgets and items with built-in sensors are connected to an Internet of Things platform, which combines and analyzes data from several devices. The sensors used in stores are one of the most basic examples. They can determine how long clients stay in various areas of the store, which products they frequently buy, and the path they take around the facility building. This information can be used to spot patterns, make recommendations, and anticipate problems before they happen.

The number of digital platforms has grown, and with it the number of paths that fraudsters might use. Let's check in at the international level. With the introduction of open banking and the entry into force of Europe's second Payment Services Directive (PSD2), their choices will likely grow again. Banks will continue to be responsible for losses brought on by unlawful transactions made via these new digital channels, which bring a new set of difficulties.

In light of this alarming situation, we have put together a few Chapter-Articles in our newsletter, LAWEEKLY, that explain the what, why, and how of online banking fraud. With this informational newsletter, "Laweekly," we want to help banks and others find their weak spots, predict digital banking fraud threats, and learn the most up-to-date best practices so they can not only spot fraud but also help to stop it.
Society expects buyers to exercise more caution while making digital purchases. The commonly used legal maxim is the "Doctrine of caveat emptor," meaning "let the buyer beware." However, in our opinion, the main underlying issue is that the rate of legal literacy among citizens, Indian or otherwise, is quite challenged. For instance, when the Right to Education is to date not explicitly found enabled in every nook and corner of our country as a whole, expecting our fellow citizens to know the meaning and importance of the Doctrine of Caveat Emptor or even the Doctrine of Ignorantia Juris Non Excusat is still miles away.
Conclusion
Today, most cyber scams only happen when victims knowingly or unknowingly give access to their sensitive financial data to fraudsters who identify themselves as bankers, customer service agents, utility company employees, physicians, or buyers or sellers. Hence, when scheming cyber crime fraudsters use this GTH technique, customers should exercise caution when following any links given to them by unknown senders or numbers. They should preferably avoid entering their private information, such as their secret passwords, on any websites they reach by following these links.
Summarily crafted Solution, a.k.a Awareness
This is undoubtedly the era of digital payment growth in India. It is less of an evolution and more of a revolution. Therefore, it is important to inform the public about secure banking procedures. Customers need to be informed about good online behavior, and financial institutions such as banks will be key players in getting this message out to the public. The following rules should be followed by customers while transacting online:

  • Please don't click on links sent to you over SMS or WhatsApp that are not legitimate.

  • Watch out for fake calls that ask you to download outside programs to provide certain remedies for your cell phone. This starts with hacking your identity; if your phone suddenly stops working as a result, you should ask that no funds be deducted from the associated bank accounts and contact your telecom service provider to get your service reinstated.

  • To obtain customer service or helpline numbers, always use the official websites.

  • Nobody should ever have access to your passwords, one-time passwords, PINs, CVVs, or confidential financial information.

  • The Unified Payments Interface ("UPI") does not need you to enter a PIN or scan a QR code to receive money, so exercise caution.

  • If you see any unusual activity in your bank account, call the National Cyber Crime Helpline of the country immediately or report it online.


 
 
 
